Comment

Where can I find a list of console codes I can copy and paste to configure iptables

????

If you care about security you shouldn't just paste commands you don't understand from the internet in your terminal ;-) AFAIK Fedora has the iptables setup in a way where everything is blocked. If you only want 80 and 443 you just have to whitelist ("trusted service") these ports with 'system-config-firewall'.

Comment

If you care about security you shouldn't just paste commands you don't understand from the internet in your terminal ;-) AFAIK Fedora has the iptables setup in a way where everything is blocked. If you only want 80 and 443 you just have to whitelist ("trusted service") these ports with 'system-config-firewall'.

this is what I don't get:

in firewalld they show you a bunch of services and say "tick the services that you want so they are available everywhere etc etc"

now I untick ssh and mdns and the like

actually I untick everything, including http and https

and firefox still works

???????????'

shouldn't I, by unticking http and https not be able to block them? or do they mean https as a server?

Comment

A firewall is for incoming communication requests (so for "servers") and not outgoing traffic. If you want to block outgoing traffic (why?) you have to either just disable the ethernet card or use iptables directly.

Comment

you have clearly never been hacked in windows: they reverse engineer code to find exploits in popular apps and then they are able to trigger behavior on those same apps to establish connections to wherever...

meaning it's not hackers establishing incoming communications to your system, it's your system itself dialing home to the hackers.

Skype for instance is dangerous as fuck, and I have proof just like I did back in march about that very dangerous flash exploit.

I didn't know shit about firewalls or much about computers/linux but now I'm learning.

In good routers you can block all outgoing and incoming traffic and then just open up the ports you need.

Turns out UGFW is actually more secure than fedora's firewalld as you can allow outgoing connections but then specify the rejection of ssh, telnet etc traffic

a good firewall should monitor all your connections and not just incoming.

Comment

meaning it's not hackers establishing incoming communications to your system, it's your system itself dialing home to the hackers.
[...]
Turns out UGFW is actually more secure than fedora's firewalld as you can allow outgoing connections but then specify the rejection of ssh, telnet etc traffic

a good firewall should monitor all your connections and not just incoming.

What exactly stops the malware from using https or a custom protocol instead of ssh/telnet/etc? And when you have malware with root access it's quite easy for it to disable the firewall. I'm not saying blocking as much as possible is bad, but you are never 100% safe unless you pull out the ethernet cable. Usually you are pretty safe on Linux with blocking incoming stuff and not executing random stuff you downloaded from the internet.
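The inbound/outbound distinction argued over in this thread, as an added example that is not from any of the posters: a shell function that prints an iptables-restore ruleset, so the INPUT and OUTPUT chains can be read side by side before anything is loaded. The function names are hypothetical, ports 80 and 443 are the ones mentioned in the thread, and allowing DNS on port 53 is an assumption.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it changes nothing itself.
# gen_ruleset "<inbound tcp ports>" "<outbound tcp ports>"
#   inbound list  = services this host offers (the boxes ticked in the GUI)
#   outbound list = empty -> OUTPUT stays ACCEPT (why a browser keeps working)
#                   set   -> OUTPUT becomes DROP plus an allow-list
# After reviewing the output, as root: gen_ruleset "80 443" "" | iptables-restore

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

gen_ruleset() {
    in_ports=$1
    out_ports=$2
    for p in $in_ports $out_ports; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    out_policy=ACCEPT
    if [ -n "$out_ports" ]; then out_policy=DROP; fi
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT $out_policy [0:0]"
    # Loopback and replies to connections this host started are always allowed.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in $in_ports; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    if [ -n "$out_ports" ]; then
        echo "-A OUTPUT -o lo -j ACCEPT"
        echo "-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
        # DNS, otherwise name lookups for the allowed ports fail.
        echo "-A OUTPUT -p udp --dport 53 -j ACCEPT"
        echo "-A OUTPUT -p tcp --dport 53 -j ACCEPT"
        # Port-based only: anything that talks over an allowed port still gets out.
        for p in $out_ports; do
            echo "-A OUTPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
        done
    fi
    echo "COMMIT"
}
```

Calling `gen_ruleset "" ""` gives the "everything unticked" case from the thread: no inbound service is reachable, yet OUTPUT is ACCEPT and replies match ESTABLISHED, so a browser still works.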